Distributed DHCP (Aruba VPN DHCP Pool) on new Aruba switches

2 weeks ago - last edited 2 weeks ago

We have several branch locations where we have been running S1500 MAS switches with "Distributed L3 DHCP Scopes", where the branch switch creates a tunnel back to an on-campus controller, and wired clients are handed out an internal IP with DHCP. This is described on page 395 of the ArubaOS 7.4.x User Guide for MAS switches, and it has worked really well for us for small branch deployments.

Looking to eventually replace these older switches, I am trying to get the same or similar functionality from a 3810M switch running 16.05.0007 firmware. I do not see what I am looking for in the documentation. There is a command "aruba-vpn type..." but this looks like it's more for management of the switch, not for routing of clients.

Can anyone tell me if the "new" Aruba switches support "Distributed DHCP Scopes" or something similar?

Re: Distributed DHCP (Aruba VPN DHCP Pool) on new Aruba switches

a week ago

Hi,

Probably the best way to achieve the capability you're looking for is by using the dynamic segmentation feature in our switches, also formally known as tunneled node. With this, you can tunnel traffic based on a per port or per user basis to a Mobility controller.

Re: Distributed DHCP (Aruba VPN DHCP Pool) on new Aruba switches

a week ago

Thank you Justin. I'm familiar with tunneled node on the MAS switches - we are using it inside our LAN, but have not tried it at branch locations. Is there any reason not to do the following, using an internet-facing interface on the controller?

Re: Distributed DHCP (Aruba VPN DHCP Pool) on new Aruba switches

We don't have a current VPN capability in the Aruba switches and don't have a current solution for a distributed DHCP scope. We can only establish an IPsec tunnel for AirWave Management.

With regard to the tunneling to a branch, two considerations need to be made. We don't support tunnels over NAT, and jumbo frames need to be enabled everywhere the tunnel will traverse. So over a WAN link, there are potential fragmentation issues.